Information security technology presentation. Presentation on the topic: Information security. Information security methods. Technical equipment failures

CONTENTS

1. Information environment.
2. Security models.
3. Areas of software protection.
4. Organizational system of protected objects.
5. Network protection tools.
6. Creating firewalls in corporate networks.

The information sphere (environment) is a field of activity associated with the creation, distribution, transformation and consumption of information. Any information security system has its own characteristics and at the same time must meet general requirements. The general requirements for an information security system are the following:

1. The information security system must be presented as a whole. The integrity of the system will be expressed in the presence of a single goal for its functioning, information connections between its elements, and the hierarchy of the construction of the subsystem for managing the information security system.
2. The information security system must ensure the security of information, media and the protection of the interests of participants in information relations.

3. The information security system as a whole, and its methods and means of protection, should be as “transparent” as possible for the user: it should not create large additional inconveniences in the procedures for accessing information, and at the same time it must be insurmountable to an attacker attempting unauthorized access to the protected information.
4. The information security system must provide information connections within the system between its elements for their coordinated functioning and communication with the external environment, before which the system manifests its integrity and acts as a single whole.

A model of three categories is often cited as a standard security model:

  • Confidentiality - a state of information in which access to it is carried out only by subjects who have the right to it;
  • Integrity - avoidance of unauthorized modification of information;
  • Availability - avoiding temporary or permanent concealment of information from users who have received access rights.

There are also other, not always mandatory, categories of the security model:

  • non-repudiation or appealability - the impossibility of renouncing authorship;
  • accountability - ensuring identification of the subject of access and registration of his actions;
  • reliability - the property of compliance with the intended behavior or result;
  • authenticity or genuineness - a property that guarantees that the subject or resource is identical to that declared.

According to Kaspersky Lab experts, the task of ensuring information security must be solved systematically. This means that various protections (hardware, software, physical, organizational, etc.) must be applied simultaneously and under centralized control. At the same time, the system components must “know” about each other's existence, interact, and provide protection from both external and internal threats. Today, there is a large arsenal of methods for ensuring information security:

  • means of identification and authentication of users (the so-called 3A complex);
  • means of encrypting information stored on computers and transmitted over networks;
  • firewalls;
  • virtual private networks;
  • content filtering tools;
  • tools for checking the integrity of disk contents;
  • antivirus protection tools;
  • network vulnerability detection systems and network attack analyzers.

Software and hardware methods and means of ensuring information security. The literature offers the following classification of information security tools.

  • Means of protection against unauthorized access: means of authorization; mandatory access control; selective access control; role-based access control; logging (also called auditing).
  • Systems for analysis and modeling of information flows (CASE systems).
  • Network monitoring systems: intrusion detection and prevention systems (IDS/IPS); confidential information leak prevention systems (DLP systems).
  • Protocol analyzers.
  • Anti-virus tools.
  • Firewalls.
  • Cryptographic tools: encryption; digital signature.
  • Backup systems.
  • Uninterruptible power systems: uninterruptible power supplies; load backup; voltage generators.
  • Authentication systems: password; access key (physical or electronic); certificate; biometrics.
  • Means to prevent case break-ins and equipment theft.
  • Access control equipment for premises.
  • Tools for analyzing security systems: antivirus.

Organizational protection of informatization objects Organizational protection is the regulation of production activities and relationships between performers on a legal basis that excludes or significantly complicates the unlawful acquisition of confidential information and the manifestation of internal and external threats. Organizational protection provides: organization of security, regime, work with personnel, with documents; the use of technical security means and information and analytical activities to identify internal and external threats to business activity.

Network protection tools for LAN. Classification of firewalls

It is customary to distinguish the following classes of protective firewalls:

  • filtering routers;
  • session level gateways;
  • application level gateways.

Filtering routers

Filtering routers filter incoming and outgoing packets using data contained in TCP and IP headers. To select IP packets, groups of packet header fields are used:

  • sender IP address;
  • recipient IP address;
  • sender port;
  • recipient port.

Some routers also check which of their network interfaces a packet arrived on. This data is used for more detailed filtering. Filtering can be done in different ways, for example by interrupting connections to certain ports or PCs. Filtering rules for routers are difficult to create. There is no way to check for correctness other than slow and labor-intensive manual testing. The disadvantages of filtering routers also include cases where:

  • the internal network is visible from the Internet;
  • complex routing rules require excellent knowledge of TCP and UDP;
  • when a firewall is hacked, all computers on the network become defenseless or inaccessible.

But filtering routers also have a number of advantages:

  • low cost;
  • flexible definition of filtering rules;
  • low latency when working with packets.
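The following added example (not part of the original presentation) models a filtering router as a first-match rule list over the four header fields listed above, runs a table of constructed test packets against it, and reports rules that an earlier, broader rule makes unreachable. The addresses, rule names and helper names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "permit" or "deny"
    src: str                  # sender network (CIDR)
    dst: str                  # recipient network (CIDR)
    sport: tuple = ANY_PORT   # inclusive sender port range
    dport: tuple = ANY_PORT   # inclusive recipient port range

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= pkt["sport"] <= self.sport[1]
                and self.dport[0] <= pkt["dport"] <= self.dport[1])

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.sport[0] <= other.sport[0] and other.sport[1] <= self.sport[1]
                and self.dport[0] <= other.dport[0] and other.dport[1] <= self.dport[1])


def decide(rules, pkt, default="deny"):
    """First matching rule wins; packets that match nothing get the default action."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"


def shadowed(rules):
    """Return (earlier, later) name pairs where the later rule can never fire."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                pairs.append((earlier.name, later.name))
                break
    return pairs


def failures(rules, cases):
    """Run (packet, expected_action) cases; return the ones the rule set gets wrong."""
    bad = []
    for pkt, expected in cases:
        action, rule = decide(rules, pkt)
        if action != expected:
            bad.append((pkt["src"], pkt["dport"], expected, action, rule))
    return bad


def packet(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}


# Constructed rule set: the admin SSH rule sits after a broad deny (ordering mistake).
RULES = [
    Rule("web-in", "permit", "0.0.0.0/0", "10.0.0.80/32", dport=(443, 443)),
    Rule("block-internal", "deny", "0.0.0.0/0", "10.0.0.0/24"),
    Rule("ssh-admin", "permit", "203.0.113.10/32", "10.0.0.22/32", dport=(22, 22)),
    Rule("lan-out", "permit", "10.0.0.0/24", "0.0.0.0/0"),
]
# Same rules with the specific permit moved ahead of the broad deny.
FIXED = [RULES[0], RULES[2], RULES[1], RULES[3]]

# Constructed test packets with the action the policy author intends.
CASES = [
    (packet("198.51.100.7", 51000, "10.0.0.80", 443), "permit"),   # public web
    (packet("198.51.100.7", 51001, "10.0.0.80", 22), "deny"),      # SSH from outside
    (packet("203.0.113.10", 51002, "10.0.0.22", 22), "permit"),    # admin SSH
    (packet("10.0.0.15", 51003, "198.51.100.7", 53), "permit"),    # LAN to Internet
    (packet("198.51.100.7", 51004, "198.51.100.9", 80), "deny"),   # transit traffic
]

if __name__ == "__main__":
    print("shadowed rules:", shadowed(RULES))
    print("failing cases :", failures(RULES, CASES))
    print("after reorder :", shadowed(FIXED), failures(FIXED, CASES))
```

Keeping the case table next to the rule set lets every rule change be re-checked automatically before it is deployed to the router.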

Creating firewalls in corporate networks

If you need to establish a reliable corporate or local network, you need to solve the following problems:

  • protecting the network from unauthorized remote access using the global Internet;
  • protecting network configuration data from global network visitors;
  • separation of access to a corporate or local network from a global one and vice versa.

To ensure the security of the protected network, various schemes for creating firewalls are used:

  • A firewall in the form of a filtering router is the simplest and most common option. The router sits between the network and the Internet. For protection, data from the analysis of addresses and ports of incoming and outgoing packets is used.

  • A firewall using a two-port gateway is a host with two network interfaces. The main filtering of data exchange is carried out between these ports. A filtering router can be installed to increase security. In this case, an internal shielded network is formed between the gateway and the router, which can be used to install an information server.
  • A firewall with a shielded gateway provides high management flexibility, but an insufficient degree of security. It differs in having only one network interface. Packet filtering is performed in several ways: when an internal host allows access to the global network only for selected services, or when all connections from internal hosts are blocked.
  • A firewall with a shielded subnet uses two shielding routers. The external one is installed between the shielded subnet and the Internet, the internal one between the shielded subnet and the internal protected network. This is a good option for security with significant traffic and high speed.

Data protection

Slides: 16 Words: 724 Sounds: 0 Effects: 14

Information. Association. Protection. The main activities of AZI are determined by the capabilities of AZI enterprises: Comprehensive protection of information resources of corporate systems. Result: Creation of secure automated systems, including management of a comprehensive information security system. Application of cryptographic means. Protection of information from leakage through technical channels. Supply of comprehensive systems and information security tools. Supply of secure computer equipment. Independent audit of information security of informatization objects. Carrying out R&D. - Information protection.ppt

Information Security Project

Slides: 5 Words: 352 Sounds: 0 Effects: 0

Project name: Protecting information from malware. SUBJECT AREA: computer science and ICT PARTICIPANTS: 10th grade students. Project planning. PROJECT PROGRAM EDUCATIONAL ENVIRONMENT OF THE PROJECT EXAMPLES OF PROJECTS. Educational and methodological materials. Educational materials Methodological recommendations Guide for students. Assessment and standards. Assessment criteria Examples of assessment. - Information Protection Project.ppt

Legal protection of information

Slides: 17 Words: 522 Sounds: 0 Effects: 48

Legal protection of programs and data. Data protection. The presentation was prepared by Ekaterina Smoleva, student 11 “a” of class MOU Obyachevskaya Secondary School. Legal protection of information. When registering an electronic digital signature in specialized centers, the correspondent receives two keys: Secret. Open. The secret key is stored on a floppy disk or smart card and is known only to the correspondent. All potential recipients of documents must have the public key. Usually sent by email. When protecting against copying, various measures are used: - organizational - legal - physical - on the Internet. - Legal protection of information.pptx

Legal protection of information

Slides: 14 Words: 619 Sounds: 0 Effects: 63

RUSSIAN ACADEMY OF JUSTICE Department of Legal Informatics, Information Law and Mathematics. Legal computer science -. Information technology -. Electronic government (E-government) -. Examples of the use of electronic means in public administration: Main directions of use of information and computer technologies in the legal field: State automated system “Justice”. Situation centers. Technical equipment of the situation center. The main element is the shared screen. - Legal protection of information.ppt

Computer Science "Information Security"

Slides: 29 Words: 1143 Sounds: 0 Effects: 10

Information search is understood as: Feedback channel in a closed information system. Search for all excellent students in computer science. What search methods do you know? Data protection. GOST basic terms and definitions in the field of protection. What information is called protected. Digital information. What are the main types of threats to digital information? What is the definition of information protection given in GOST? What kind of influence is called unauthorized. Which impact is called unintended. What you need to do to be sure of the information on your personal PC. - Informatics “Information Protection”.pptx

Protection against unauthorized access

Slides: 10 Words: 640 Sounds: 0 Effects: 11

Protection of information from unauthorized access. PROTECTION AGAINST UNAUTHORIZED ACCESS. Terms related to protection against unauthorized access. Private means of copy protection are dongles, passwords, etc. Types of information security means. Firewall – firewall. Antiviruses. Scanner is a program that checks files for viruses. State regulation of relations in the field of information security in the Russian Federation. Computer science basic course edited by S.V. Simonovich. - Protection from unauthorized access.ppt

Protection of information from unauthorized access

Slides: 20 Words: 480 Sounds: 0 Effects: 99

Computer crime and security. Types of computer crimes. Unauthorized access to information. Entry of logic bombs. Development and distribution of viruses. Criminal negligence in development. Forgery of computer information. Theft of computer information. There are many measures aimed at preventing crime: Technical Organizational Legal. Prevention of computer crimes. Technical. Organizational. Legal. Classification of failures and violations: Equipment failures. Loss of information due to incorrect software operation. - Protecting information from unauthorized access.pps

Computer protection

Slides: 46 Words: 3395 Sounds: 0 Effects: 4

Data protection. Protection against unauthorized access to information. Password protection. Biometric security systems. Physical protection of data on disks. Malware protection. Malicious and antivirus programs. Confidentiality. Integrity. Availability. Safety. Unauthorized access. Access control is implemented to prevent unauthorized access. It is not easy to overcome such a defense. Permissions may vary for different users. Fingerprint identification. Identification by speech characteristics. Identification by the iris of the eye. - Computer protection.ppt

Computer protection

Slides: 30 Words: 924 Sounds: 0 Effects: 121

Research objectives: Studying scientific and educational literature on the subject under study. Systematization and generalization of work experience on this problem. Contents of the work: introduction; three chapters; conclusion; application; bibliography; presentation. Areas of work: Computer criminals, virology on a global scale. Methods and methods of protection against computer crimes in the world. The state of hardware and software, methods of protection against viruses at enterprises in Pokachi. Unauthorized access to legally protected computer information. Classification of computer crimes: - Computer protection.ppt

Protecting information on your computer

Slides: 36 Words: 1230 Sounds: 0 Effects: 0

Fundamentals of information security. Information. Laws regulating work with information. About the media. Computer threats. Your computer, what it can tell you about you. Internet travel history. Protecting a “personal” computer outside the network. Protecting a “shared” computer outside the network. Reliable power supply. Backup information. Reliability of media for data storage. Protect Word documents. Computer viruses. Types of computer viruses. Boot virus. File virus. Macro viruses. Network viruses. Types of viruses. Signs of infection. Polyphages. - Protecting information on your computer.ppt

Protecting information on the Internet

Slides: 25 Words: 2504 Sounds: 0 Effects: 0

Data protection. Concept and definition of information. Increase in the amount of information. Disclosure of confidential information. Types of protection of a computer network of an information system. Hardware aspects of information security. Requirements for the security system. Review of methods for accessing network information and modifying it. The need to protect information. Modification of the “logic bomb” type. Modification of the “Trojan horse” type. Hardware aspects of information security. Ensuring data persistence at the user level. Applying the copy operation. Protecting information during unstable power supply. - Protecting information on the Internet.ppt

Protection of information in computer networks

Slides: 13 Words: 718 Sounds: 0 Effects: 0

Protection of information in computer networks. Information security tools. Means of protecting information from unauthorized access. Passwords. Login with password. Malicious program. Antivirus programs. Signature. Biometric security systems. Fingerprint identification. Identification by speech characteristics. Identification by the iris of the eye. Identification by the palm of the hand. - Protection of information in computer networks.ppt

Protection of personal information

Slides: 35 Words: 1498 Sounds: 0 Effects: 0

Practical aspects of protecting personal data from telecom operators. Part 1 Legislation on personal data protection issues. Abbreviations used. Basic concepts of the Federal Law “On Personal Data”. Legislative and regulatory framework in the field of personal data. Documents developed on the basis of the Federal Law “On Personal Data”. Changes in the legislative framework in the field of personal data. A large number of changes are being prepared to the Federal Law “On Personal Data” Issues of collecting consents for processing Issues of forming requirements for the protection of personal data. It is possible that industry standards for the protection of personal data will be legalized. Changes to the consent form for processing. - Personal data protection.ppt

Personal data and its protection

Slides: 14 Words: 688 Sounds: 0 Effects: 0

What is personal data? Legal regulation. Protection of personal information. A set of measures to ensure the protection of personal data. Technical measures to protect personal data involve the use of software and hardware information security tools. Personal data operator - a state body, municipal body, legal entity or individual organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data. Who is a PD operator? Basic provisions of the Law “On Personal Data”. Requirements for personal data information systems. - Personal data and their protection.pptx

Processing and protection of personal data

Slides: 18 Words: 684 Sounds: 0 Effects: 0

Principles of secure processing of clients’ personal data. Letter of the law. Categories. Roskomnadzor inspections. Responsibility. Domain. Consent to processing. Instructions package. Agreement with courier service. Means of protection. Recipes for success. A complex approach. Confidence. Certificate. Certificate in the browser. EV category certificates. - Processing and protection of personal data.ppt

Features of personal data protection

Slides: 26 Words: 1144 Sounds: 0 Effects: 7

Features of personal data protection. Russian business. Small and medium businesses. Some statistics. Heterogeneity. Problematic segments of SMEs. Statistics. Personal Information. Risk analysis. Probability of inspections. Scheduled checks. Plan for some checks. The attitude of SMEs is still wary. Ways of organization. Commonality of information security organization. Construction of a protection system. Key requirements. Problematic issues of practical implementation. Means to prevent unauthorized access. Information security tools. Budget. Construction of a personal data protection system. -


SECURITY

The security of an information system is a property that consists in the ability of the system to ensure its normal functioning, that is, to ensure the integrity and secrecy of information. To ensure the integrity and confidentiality of information, it is necessary to protect information from accidental destruction or unauthorized access to it.


THREATS

There are many possible directions for information leakage and ways of unauthorized access to it in systems and networks:

  • interception of information;
  • modification of information (the original message or document is changed or replaced by another and sent to the addressee);
  • substitution of information authorship (someone may send a letter or document on your behalf);
  • exploitation of deficiencies in operating systems and application software;
  • copying storage media and files bypassing security measures;
  • illegal connection to equipment and communication lines;
  • masquerading as a registered user and appropriating his powers;
  • introduction of new users;
  • introduction of computer viruses and so on.


PROTECTION

The means of protecting information in an information system (IS) from the actions of subjects include:

  • means of protecting information from unauthorized access;
  • protection of information in computer networks;
  • cryptographic information protection;
  • electronic digital signature;
  • protecting information from computer viruses.


UNAUTHORIZED ACCESS

Gaining access to information system resources involves performing three procedures: identification, authentication and authorization.

  • Identification - assigning unique names and codes (identifiers) to the user (object or subject of resources).
  • Authentication - establishing the identity of the user who provided the identifier or verifying that the person or device providing the identifier is actually who it claims to be. The most common method of authentication is to assign the user a password and store it on the computer.
  • Authorization - a check of authority or verification of a user's right to access specific resources and perform certain operations on them. Authorization is carried out to differentiate access rights to network and computer resources.


COMPUTER NETWORKS

Local enterprise networks are very often connected to the Internet. To protect the local networks of companies, firewalls are used as a rule. A firewall is a means of access control that allows you to divide a network into two parts (the border runs between the local network and the Internet) and create a set of rules that determine the conditions for the passage of packets from one part to the other. Firewalls can be implemented either in hardware or in software.


CRYPTOGRAPHY

To ensure the secrecy of information, encryption or cryptography is used. Encryption uses an algorithm or device that implements a specific algorithm. Encryption is controlled using a changing key code. Encrypted information can only be retrieved using a key. Cryptography is a very effective method that increases the security of data transmission on computer networks and when exchanging information between remote computers.


ELECTRONIC DIGITAL SIGNATURE

To exclude the possibility of modification of the original message or substitution of this message for others, it is necessary to transmit the message along with an electronic signature. An electronic digital signature is a sequence of characters obtained as a result of cryptographic transformation of the original message using a private key and allowing one to determine the integrity of the message and its authorship using a public key. In other words, a message encrypted using a private key is called an electronic digital signature. The sender transmits the unencrypted message in its original form along with a digital signature. The recipient uses the public key to decrypt the message's character set from the digital signature and compares it with the unencrypted message's character set. If the characters completely match, we can say that the received message has not been modified and belongs to its author.


ANTI-VIRUSES

A computer virus is a small malicious program that can independently create copies of itself and inject them into programs (executable files), documents, boot sectors of storage media and spread over communication channels. Depending on the environment, the main types of computer viruses are:

  • Software viruses (attack files with the extension .COM and .EXE)
  • Boot viruses
  • Macroviruses
  • Network viruses

Removable media and telecommunication systems can be sources of virus infection. The most effective and popular anti-virus programs include: Kaspersky Anti-Virus 7.0, AVAST, Norton AntiVirus and many others.



INFORMATION PROTECTION


Data protection is a set of measures aimed at ensuring information security.


Why was there a need to protect information?

The problem of protecting information from unauthorized access has become especially acute with the widespread use of local and, especially, global computer networks.

Often the damage is caused by simple errors of users who accidentally corrupt or delete vital data.


Why protect information?

Information circulating in control and communication systems can cause large-scale accidents, military conflicts, disruption of the activities of research centers and laboratories, and the ruin of banks and commercial organizations. Therefore, one must be able to protect information from distortion, loss, leakage, and illegal use.


Types of protection and protection methods

From equipment failures:

  • Archiving and backing up files.

From accidental loss or corruption of information stored on a computer:

  • Request confirmation for executing commands that modify files (for example, when replacing a file);
  • Setting special attributes of documents and programs (read-only, hidden);
  • The ability to cancel an incorrect action or restore an erroneously deleted file;
  • Limiting user access to PC resources.

From computer viruses:

  • Preventive measures to reduce the likelihood of infection;
  • Using antivirus programs.

From unauthorized access to information (its use, modification, distribution):

  • Encryption;
  • Password protection;
  • "Electronic locks";
  • Administrative and law enforcement measures.


Automatic file backup

When using automatic backup programs, the command to save the file is automatically duplicated and the file is saved on two autonomous media, for example, on two hard drives. Failure of one of them does not lead to loss of information.

File backup is widely used, particularly in banking.



Types of computer crimes

  • Unauthorized access to information,
  • Entering logic bombs,
  • Development and distribution of viruses,
  • Criminal negligence in development,
  • Forgery of computer information,
  • Theft of computer information.

Measures to prevent computer crimes

  • Technical
  • Organizational
  • Legal

The protection of information in computers should be considered as a set of measures, including organizational, technical, legal, software, operational, insurance and even moral and ethical measures.


Technical measures

  • Protection against unauthorized access to the system
  • Redundancy of critical computer subsystems
  • Organization of computer networks
  • Installation of fire-fighting equipment
  • Installation of locks and alarms


Organizational measures

  • computer center security,
  • careful selection of personnel,
  • availability of a recovery plan (after failure),
  • universality of protection against all users.

Legal measures

  • Development of standards establishing liability for computer crimes;
  • Copyright protection of programmers;
  • Improving criminal and civil legislation.

"Legislation in the field of information"

10 basic laws, in which:

  • basic terms and concepts are defined,
  • issues of dissemination of information are regulated,
  • copyright protection,
  • property and non-property relations.

Article 273 of the Criminal Code of the Russian Federation

  • Provides criminal liability for the creation of computer programs or their modification, leading to unauthorized destruction.
  • Protects the rights of the owner.
  • Criminal liability arises from the creation of the program.
  • For liability to arise, the very fact of creating the program is sufficient.

Legal protection of information is regulated by the laws of the Russian Federation

The legal protection provided by this law applies to all types of computer programs that can be expressed in any language and in any form, including source text in a programming language and machine code. But legal protection does not extend to the ideas and principles underlying the computer program, including the ideas and principles of organizing the interface and algorithm.


To notify about his rights, the program developer can, starting from the first release of the program, use a copyright symbol consisting of 3 elements:

  • the letter C in a circle or parentheses ©;
  • title (name) of the copyright holder;
  • the year the program was first released.

© Microsoft Corporation, 1993-1997.


An organization or user who legally owns a copy of the program (who has purchased a license to use it) has the right, without obtaining additional permission from the developer, to carry out any actions related to the operation of the program, including recording it and storing it in computer memory. Recording and storage in computer memory are permitted in relation to one computer or one user on the network, unless otherwise provided by the agreement with the developer.

You must be aware of and comply with existing laws prohibiting illegal copying and use of licensed software. In relation to organizations or users who violate copyrights, the developer may demand compensation for damages caused and payment by the infringer of compensation in an amount determined at the discretion of the court from 5,000 times to 50,000 times the minimum monthly wage.


Electronic digital signature

In 2002, the Russian Federation Law “On Electronic Digital Signatures” was adopted, which became the legislative basis for electronic document management in Russia. According to this law, an electronic digital signature in an electronic document is recognized as legally equivalent to a signature in a paper document.

When registering an electronic digital signature in specialized centers, the correspondent receives two keys: secret and public. The secret key is stored on a floppy disk or smart card and should be known only to the correspondent himself. The public key must be shared with all potential recipients of the documents and is usually sent via email.

The process of electronically signing a document consists of processing the message text using a secret key. Next, the encrypted message is sent by email to the subscriber. To verify the authenticity of the message and electronic signature, the subscriber uses a public key.
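The signing and verification steps described here and in the ELECTRONIC DIGITAL SIGNATURE slide above, as an added example that is not part of the original presentation: the sender transforms a hash of the message with the secret key, and the recipient reverses the transformation with the public key and compares. It assumes textbook RSA without padding and constructed toy keys built from Mersenne primes; the function and variable names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys


def make_key(p, q):
    """Build (public, secret) keys from primes p and q: public=(n, e), secret=(n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # secret exponent, modular inverse of e
    return (n, E), (n, d)


def digest(message, n):
    """SHA-256 of the message as an integer, reduced to fit under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, secret):
    """Sender side: transform the message digest with the secret key."""
    n, d = secret
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    """Recipient side: recover the digest with the public key and compare."""
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(message, n)


def receive(message, signature, public):
    """What the recipient concludes about a (message, signature) pair."""
    return "accepted" if verify(message, signature, public) else "rejected"


# Constructed toy keys. Real signatures use much larger keys and a padded
# scheme from a vetted cryptographic library; this only shows the mechanics.
AUTHOR_PUB, AUTHOR_SECRET = make_key(2**107 - 1, 2**127 - 1)
IMPOSTOR_PUB, IMPOSTOR_SECRET = make_key(2**61 - 1, 2**89 - 1)

# Constructed sample document.
MESSAGE = b"Transfer 100 rubles to account 12345"
SIGNATURE = sign(MESSAGE, AUTHOR_SECRET)

# The message travels in the clear together with the signature.
TAMPERED = b"Transfer 900 rubles to account 12345"
FORGED = sign(MESSAGE, IMPOSTOR_SECRET)   # signed by someone else's secret key

if __name__ == "__main__":
    print("original :", receive(MESSAGE, SIGNATURE, AUTHOR_PUB))
    print("modified :", receive(TAMPERED, SIGNATURE, AUTHOR_PUB))
    print("impostor :", receive(MESSAGE, FORGED, AUTHOR_PUB))
```

The second and third cases correspond to the two threats the signature addresses: modification of the message and substitution of authorship.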


The computer air defense system of the North American continent once declared a false nuclear alarm, putting the armed forces on alert. And the reason was a faulty chip worth 46 cents - a small, coin-sized silicon element.


Examples of errors when working with information

In 1983, there was a flood in the southwestern United States. The cause was a computer that had been fed incorrect weather data, causing it to send an erroneous signal to the floodgates blocking the Colorado River.


Examples of errors when working with information

In 1971, 352 cars disappeared from the New York Railroad. The criminal used information from the computer center that manages the railroad and changed the destination addresses of the cars. The damage caused amounted to more than a million dollars.


Incorrect operation of users and maintenance personnel

80-90% of threats to the information security of large companies come from the “internal enemy” - careless users who can, for example, download a file with a virus from the network.


Technical equipment failures

Preventing cable system disruptions

Power failure protection

Preventing disk system failure


Unauthorized access from outside

“Hacker” is an English word that refers to an individual who enjoys learning the details of how computer systems work and expanding the capabilities of those systems (as opposed to most users, who prefer to know only the bare minimum).

Information security professionals:

  • hackers
  • crackers


The main task of a hacker is to, by examining protection, discover weaknesses in the security system and inform users and developers about them in order to eliminate the vulnerabilities found and increase the level of protection.

Crackers carry out “hacking” of the system in order to gain unauthorized access to information resources and systems that are closed to them.


Crackers

  • vandals - penetration into the system with the aim of its complete destruction
  • jokers - fame achieved by infiltrating a system
  • burglars - hacking a system for the purpose of making money by stealing or replacing information

Protecting information on the Internet

If a computer is connected to the Internet, then, in principle, any user also connected to the Internet can access the information resources of this computer. If the server has a connection to the Internet and simultaneously serves as a local network server (Intranet server), then unauthorized penetration from the Internet into the local network is possible.

The mechanisms of penetration from the Internet to the local computer and to the local network can be different:

  • Web pages loaded into the browser may contain active ActiveX controls or Java applets that can perform destructive actions on the local computer;
  • Some Web servers place text cookies on the local computer, using which you can obtain confidential information about the user of the local computer;
  • Using special utilities, you can access the disks and files of the local computer, etc.

To prevent this from happening, a software or hardware barrier, a firewall, is installed between the Internet and the Intranet. The firewall monitors data transfer between networks, monitors current connections, detects suspicious activities and thereby prevents unauthorized access from the Internet to the local network.


Firewall

A firewall is a software and/or hardware barrier between two networks, allowing only authorized connections to be established.

A firewall protects a local network or a separate personal computer connected to the Internet from outside penetration and prevents access to confidential information.


Protection of programs from illegal copying and use

Computer pirates, illegally reproducing software, devalue the work of programmers and make software development an economically unprofitable business. In addition, computer pirates often offer users unfinished programs, programs with errors, or demo versions of them.

In order for computer software to function, it must be installed. The software is distributed by manufacturing companies in the form of distribution kits on CD-ROM. Each distribution has its own serial number, which prevents illegal copying and installation of programs.


Special protection can be used to prevent illegal copying of programs and data stored on a CD-ROM. The CD-ROM may contain an encrypted program key, which is lost when copied and without which the program cannot be installed.

Protection against illegal use of programs can be implemented using a hardware key, which is usually connected to the parallel port of the computer. The protected program accesses the parallel port and requests a secret code; if the hardware key is not connected to the computer, the protected program detects a security violation and stops executing.


  • Berne Convention for the Protection of Literary and Artistic Works of 1886
  • Universal Copyright Convention 1952

  • Constitution of the Russian Federation Art. 44.
  • Civil Code of the Russian Federation.
  • Law on Copyright and Related Rights 1993
  • Law of the Russian Federation “On the legal protection of computer programs and databases” 1992

  • Latin letter C inside a circle ©,
  • Name of the owner of the exclusive copyright,
  • Date of first publication.

© Microsoft Corporation, 1993-1997


  • Copyright,
  • Right to a name
  • Right of publication
  • The right to protection of reputation.

If programs are created in the performance of official duties or on the instructions of the employer, then they belong to the employer, unless otherwise provided in the agreement between him and the author.

Extract from the Criminal Code of the Russian Federation

Chapter 28. Crimes in the field of computer information

Article 272. Illegal access to computer information.

1. Unlawful access to legally protected computer information, that is, information on computer media, in an electronic computer (computer), if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of the computer, is punishable

  • a fine in the amount of two hundred to five hundred minimum wages
  • or in the amount of wages or other income of the convicted person for a period of two to five months,
  • or correctional labor for a period of six months to one year,
  • or imprisonment for a term of up to two years.

2. The same act, committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as having access to a computer, a computer system or their network, is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or the amount of wages or other income of the convicted person for a period of one to two years, or compulsory work for a period of one hundred eighty to two hundred and forty hours, or correctional labor for a period of up to two years, or arrest for a period of three to six months, or deprivation of freedom for up to five years.


Article 273. Creation, use and distribution of malicious computer programs

Creating computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of computer operation, as well as the use or distribution of such programs or computer media with such programs, is punishable

  • imprisonment for a term of up to three years with a fine in the amount of two hundred to five hundred times the minimum wage
  • or in the amount of wages or other income of the convicted person for a period of two to five months. The same acts that entail grave consequences are punishable by imprisonment for a term of three to seven years.

Article 274. Violation of the rules for operating computers, computer systems or their networks

1. Violation of the rules for operating a computer by a person who has access to the computer, resulting in the destruction, blocking or modification of computer information protected by law, if this act caused significant harm, is punishable

  • deprivation of the right to hold certain positions or engage in certain activities for a period of up to five years,
  • or compulsory work for a period of one hundred eighty to two hundred and forty hours,
  • or restriction of freedom for up to two years.

2. The same act, which has caused grave consequences through negligence, is punishable by imprisonment for a term of up to four years.


  • By fingerprints,
  • By speech characteristics,
  • By the geometry of the palms of the hands,
  • By facial image,
  • By the iris of the eye.

INFORMATION PROTECTION

It was announced in 1988 by the Computer Hardware Association to once again remind all users of the need to maintain the protection of their computers and the information stored on them.

That year, for the first time, computers were attacked by the Morris worm, as a result of which 6 thousand nodes of the predecessor of the Internet, the ARPANET network, were infected. This attack caused $96 million in damage. The author of this virus might not have been found, but Robert Morris, a graduate student at Cornell University, was forced to confess by his own father. Morris received a suspended sentence of 3 years and 400 hours of community service. He also paid a $10,500 fine. Since in 1988 it was the first mass epidemic to affect computers, experts began to seriously think about an integrated approach to ensuring the security of information resources.


What is the best way to choose components for a password?

  • Do not use a password that is a dictionary word.
  • If possible, you can use punctuation marks.
  • You can use lowercase and uppercase characters, as well as numbers from 0 to 9.
  • The optimal number of numbers (letters) for composing a password is from 8 to 10.
  • Use the last characters from a list of numbers, symbols, or alphabet.
  • Beware of interceptor programs.

“If you do not provide information within a week, you will be blocked”

“If you want to protect yourself from phishing, follow this link and enter your username and password”

Phishing is a type of Internet fraud whose goal is to obtain users' identification data.


  • How can you register your copyright for a software product?
  • Why is software piracy harmful to society?
  • What software and hardware methods of protecting information exist?

The official state policy in the field of information security is expressed in the Doctrine of Information Security of the Russian Federation (Order of the President dated September 9, 2000 No. Pr-1895). It expresses a set of official views on the goals, objectives, principles and main directions of ensuring information security of the Russian Federation and serves as the basis for:

  • Formulation of state policy in the field of ensuring information security of the Russian Federation
  • Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support for information security of the Russian Federation
  • Development of targeted programs for ensuring information security of the Russian Federation

Information security is the state of security of the constituent entities of the Russian Federation in the information sphere, reflecting the totality of balanced interests of the individual, society and the state.

At the individual level, it is assumed that the constitutional rights of a person and a citizen will be implemented to access information, to use information in the interests of carrying out activities not prohibited by law, physical, spiritual and intellectual development, as well as to protect information that ensures personal safety.

At the societal level, we are talking about ensuring the interests of the individual in this area, strengthening democracy, creating a rule of law state, achieving and maintaining public consent in the spiritual renewal of Russia.


A threat is an action or event that can lead to the destruction, distortion or unauthorized use of computer resources, including stored, transmitted and processed information, as well as software and hardware.

Types of threats:

  • accidental (or unintentional)
  • deliberate

Basic means of protecting computer data:

  • protection of computer hardware components;
  • protection of communication lines;
  • database protection;
  • protection of the computer control subsystem.

Protection system - a set of tools and techniques that protect computer components and help minimize the risk to which its resources and users may be exposed.

There are various security mechanisms:

  • encryption;
  • digital (electronic) signature;
  • access control;
  • ensuring data integrity;
  • providing authentication;
  • traffic substitution;
  • routing management;
  • arbitration (or examination).



Encryption (cryptographic security) is used to implement the secrecy service and is also used in a number of other services.

Encryption can be:

  • symmetric - based on the use of the same secret key for encryption and decryption.
  • asymmetric - characterized by the fact that one key, which is public, is used for encryption, and another, which is secret, is used for decryption. However, knowledge of the public key does not make it possible to determine the secret key.

To implement the encryption mechanism, it is necessary to organize a special service for generating keys and distributing them among network subscribers.


Digital signature mechanisms are used to implement authentication and non-repudiation services. These mechanisms are based on asymmetric encryption algorithms and include two procedures:

  • generating a signature by the sender
  • its identification (verification) by the recipient.

The first procedure encrypts a data block or supplements it with a cryptographic checksum; in both cases the sender's secret key is used.

The second procedure is based on the use of a public key, knowledge of which is sufficient to identify the sender.
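The two procedures above, sketched as an added example that is not part of the original presentation. It assumes RSA as the asymmetric algorithm and SHA-256 as the cryptographic checksum, and it uses a toy key built from small known primes with no padding, so it shows the mechanism only; all function and variable names are hypothetical.

```python
import hashlib

def make_key(p, q, e=65537):
    """Build a toy RSA key pair from two primes: returns (public, secret)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # secret exponent, inverse of e (Python 3.8+)
    return (e, n), (d, n)

def checksum(message, n):
    """Cryptographic checksum of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, secret_key):
    """First procedure: the sender transforms the checksum with the secret key."""
    d, n = secret_key
    return pow(checksum(message, n), d, n)

def verify_signature(message, signature, public_key):
    """Second procedure: the recipient needs only the sender's public key."""
    e, n = public_key
    return pow(signature, e, n) == checksum(message, n)

# Constructed demo keys from known Mersenne primes (far too small for real use).
SENDER_PUBLIC, SENDER_SECRET = make_key(2**127 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_SECRET = make_key(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    order = b"transfer 100 to account 42"  # constructed sample message
    sig = sign(order, SENDER_SECRET)
    print("genuine message:", verify_signature(order, sig, SENDER_PUBLIC))
    print("altered message:", verify_signature(order + b"0", sig, SENDER_PUBLIC))
    print("signed with another key:",
          verify_signature(order, sign(order, OTHER_SECRET), SENDER_PUBLIC))
```

Because only the holder of the secret key can produce a value that the public key maps back to the checksum, a valid signature both authenticates the sender and prevents the sender from later denying the message.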


Access control mechanisms check the authority of network objects (programs and users) to access network resources.

When accessing a resource over a connection, control is performed both at the point of initiation of the exchange and at the end point, as well as at intermediate points.

The basis for the implementation of these mechanisms is the access rights matrix and various options for its implementation. Mandate lists include security labels assigned to objects that grant permission to use a resource.

Another type includes lists of access rights based on the authentication of an object and subsequent verification of its rights in special tables (access control databases) that exist for each resource.


Integrity mechanisms apply both to individual data blocks and to information flows.

Integrity is ensured by the execution of interrelated encryption and decryption procedures by the sender and recipient, followed by comparison of cryptographic checksums.

However, to implement protection against block substitution as a whole, it is necessary to control the integrity of the data stream, which can be implemented, for example, through encryption using keys that change depending on previous blocks. It is also possible to use simpler methods such as numbering blocks or supplementing them with a so-called time stamp.
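An added example (not from the original presentation) of stream integrity control: a checksum over each block alone accepts reordered blocks, while numbering the blocks and chaining each checksum to the previous one detects reordering, duplication and substitution. It uses HMAC-SHA-256 chaining in place of encryption with keys that change per block; the key, block contents and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed shared secret for the demo
START = b"\x00" * 32            # chain value used before the first block

def _tag(key, prev, seq, data):
    """Checksum bound to the block number and to the previous block's checksum."""
    return hmac.new(key, prev + seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

def protect_per_block(blocks, key=KEY):
    """Checksum over each block alone: no numbering, no link to the stream."""
    return [(data, hmac.new(key, data, hashlib.sha256).digest()) for data in blocks]

def verify_per_block(stream, key=KEY):
    return all(hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest())
               for data, tag in stream)

def protect_stream(blocks, key=KEY):
    """Number each block and bind its checksum to the previous block's checksum."""
    out, prev = [], START
    for seq, data in enumerate(blocks):
        prev = _tag(key, prev, seq, data)
        out.append((seq, data, prev))
    return out

def verify_stream(stream, key=KEY):
    """Return the position of the first bad block, or None if the stream is intact."""
    prev = START
    for position, (seq, data, tag) in enumerate(stream):
        if seq != position or not hmac.compare_digest(tag, _tag(key, prev, seq, data)):
            return position
        prev = tag
    return None

BLOCKS = [b"PAY 100 TO ALICE", b"PAY 200 TO BOB", b"PAY 300 TO CAROL"]  # constructed

if __name__ == "__main__":
    swapped = protect_per_block(BLOCKS)
    swapped[0], swapped[1] = swapped[1], swapped[0]
    print("per-block checksums accept reordered stream:", verify_per_block(swapped))
    chained = protect_stream(BLOCKS)
    chained[0], chained[1] = chained[1], chained[0]
    print("chained stream, first bad block:", verify_stream(chained))
```

Dropping blocks from the end of the stream is not detected by this scheme; the receiver also needs the expected block count or an authenticated final marker.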


Authentication mechanisms provide one-way and mutual authentication.

In practice, these mechanisms are combined with encryption, digital signature and arbitration.


Traffic substitution, in other words the text filling mechanism, is used to implement the data stream secrecy service.

It is based on the generation of fictitious blocks by network objects, their encryption and the organization of their transmission over network channels.

This neutralizes the possibility of obtaining information about network users through observations of the external characteristics of flows circulating in the network.


The source of accidental threats arising during computer operation may be software errors, hardware failures, incorrect actions of users, operators or system administrators, etc.


Deliberate threats pursue certain goals related to causing damage to network users (subscribers).

Types of intentional threats:

  • Active
  • Passive

Active intrusions disrupt the normal functioning of the computer and make unauthorized changes to information flows and to stored and processed information. These threats are realized through targeted impact on its hardware, software and information resources.

Active intrusions include:

  • destruction or electronic jamming of communication lines,
  • disabling the entire system connected to the network or its operating system,
  • distortion of information in user databases or system data structures, etc.

Information stored in computer memory can be selectively modified, destroyed, and false data can be added to it.

Active intrusions are easy to detect but difficult to prevent.


With a passive intrusion, the attacker only observes the passage and processing of information, without intruding into information flows.

These intrusions are usually aimed at the unauthorized use of computer information resources without affecting its functioning. A passive threat is, for example, receiving information transmitted over communication channels by listening to them.

In this case, the intruder analyzes the message flow (traffic), records identifiers, destinations, message length, frequency and time of exchanges.